IPsec Support

The vEOS Router supports using IPsec to establish and maintain tunnels for secure or encrypted communications between virtual router peer instances, as well as between virtual peer instances and non-virtual routers.

The vEOS Router supports the use of IPsec to:
  • Secure the communications between vEOS Router instances.
  • Secure the communications between vEOS Router instances and third-party virtual router instances.

Note: For the latest information on the types of virtual routers that can share IPsec tunnels with vEOS Router, see the vEOS Router Release Notes.

  • Supported Tunnel Types

    The vEOS Router supports the use of two basic types of IPsec tunnels. The tunnel types are determined based on the encapsulation mode.

  • Requirements when Behind a NAT

    The vEOS Router supports the use of NAT-Traversal to communicate with the remote peer virtual router. To ensure that the tunnel between the vEOS Router and the peer router is established successfully, make sure that the vEOS Router tunnel configuration meets the requirements for using NAT.

    Note: NAT-Traversal for IPsec is not supported for DCS-7020SRG.
  • Using IPsec on CloudEOS and vEOS Router Instances

    The vEOS Router enables you to establish and maintain GRE-over-IPsec and VTI IPsec tunnels for secure or encrypted communications between peer vEOS Router instances.

  • Using IPsec on CloudEOS and vEOS and Third Party Devices

    The vEOS Router enables you to establish and maintain IPsec tunnels for secure or encrypted communications between vEOS Router instances and third-party peer router instances.

  • Example of Running-configs for IPsec Tunnels

    This example shows the running configurations for a VTI IPsec tunnel between a vEOS Router instance and a Palo Alto firewall VM router instance.

  • IPsec Show Commands

    The vEOS Router provides commands you can use to view all current or established IPsec tunnels and to view all profiles currently being used by established tunnels.